diff --git a/plugins/experimental/rate_limit/rate_limit.cc b/plugins/experimental/rate_limit/rate_limit.cc
index 7b8255365a4..8220f55d7d6 100644
--- a/plugins/experimental/rate_limit/rate_limit.cc
+++ b/plugins/experimental/rate_limit/rate_limit.cc
@@ -25,9 +25,6 @@
 #include "txn_limiter.h"
 #include "utilities.h"
-// Needs special OpenSSL APIs as a global plugin for early CLIENT_HELLO inspection
-#if TS_USE_HELLO_CB
-
 #include "sni_selector.h"
 #include "sni_limiter.h"
@@ -84,8 +81,6 @@ TSPluginInit(int argc, const char *argv[])
 }
 }
-#endif
-
 ///////////////////////////////////////////////////////////////////////////////
 // Setup stuff for the remap plugin
 //
diff --git a/plugins/experimental/rate_limit/sni_limiter.cc b/plugins/experimental/rate_limit/sni_limiter.cc
index 4fb932af539..c8ffa9913e1 100644
--- a/plugins/experimental/rate_limit/sni_limiter.cc
+++ b/plugins/experimental/rate_limit/sni_limiter.cc
@@ -17,9 +17,6 @@
 */
 #include "tscore/ink_config.h"
-// Needs special OpenSSL APIs as a global plugin for early CLIENT_HELLO inspection
-#if TS_USE_HELLO_CB
-
 #include
 #include
 #include
@@ -43,9 +40,9 @@ sni_limit_cont(TSCont contp, TSEvent event, void *edata)
 switch (event) {
 case TS_EVENT_SSL_CLIENT_HELLO: {
- TSSslConnection ssl_conn = TSVConnSslConnectionGet(vc);
- SSL *ssl = reinterpret_cast(ssl_conn);
- std::string_view sni_name = getSNI(ssl);
+ int len;
+ const char *server_name = TSVConnSslSniGet(vc, &len);
+ std::string_view sni_name(server_name, len);
 if (!sni_name.empty()) { // This should likely always succeed, but without it we can't do anything
 SniRateLimiter *limiter = selector->find(sni_name);
@@ -128,5 +125,3 @@ SniRateLimiter::initialize(int argc, const char *argv[])
 return true;
 }
-
-#endif
diff --git a/plugins/experimental/rate_limit/sni_selector.cc b/plugins/experimental/rate_limit/sni_selector.cc
index 7f31702128e..60fc2ee8547 100644
--- a/plugins/experimental/rate_limit/sni_selector.cc
+++ b/plugins/experimental/rate_limit/sni_selector.cc
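Review bot: In the `TS_EVENT_SSL_CLIENT_HELLO` case of `sni_limit_cont`, `int len;` is left uninitialized and the pointer returned by `TSVConnSslSniGet(vc, &len)` goes into `std::string_view` without a null check. If that call can return `nullptr` without writing `*len` (a ClientHello with no SNI, for example; worth confirming against the API), the view is built from a null pointer and an indeterminate length, so `sni_name.empty()` may not reject it and `selector->find(sni_name)` would read through it, whereas the removed `getSNI()` returned an empty view in that case. Because the name comes straight from the client's ClientHello, I would make the empty case explicit with `int len = 0;` and `std::string_view sni_name = server_name ? std::string_view(server_name, len) : std::string_view{};`. The rest of `sni_limit_cont` lies outside this hunk, so any later handling of a missing SNI is not visible here.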
@@ -17,9 +17,6 @@
 */
 #include "tscore/ink_config.h"
-// Needs special OpenSSL APIs as a global plugin for early CLIENT_HELLO inspection
-#if TS_USE_HELLO_CB
-
 #include
 #include "sni_limiter.h"
@@ -136,5 +133,3 @@ SniSelector::setupQueueCont()
 _action = TSContScheduleEveryOnPool(_queue_cont, QUEUE_DELAY_TIME.count(), TS_THREAD_POOL_TASK);
 }
 }
-
-#endif
diff --git a/plugins/experimental/rate_limit/utilities.cc b/plugins/experimental/rate_limit/utilities.cc
index e8695b368ef..c648d98c13c 100644
--- a/plugins/experimental/rate_limit/utilities.cc
+++ b/plugins/experimental/rate_limit/utilities.cc
@@ -21,47 +21,6 @@
 #include "ts/remap.h"
 #include "utilities.h"
-// Needs special OpenSSL APIs as a global plugin for early CLIENT_HELLO inspection
-#if TS_USE_HELLO_CB
-
-std::string_view
-getSNI(SSL *ssl)
-{
- const char *servername = nullptr;
- const unsigned char *p;
- size_t remaining, len = 0;
-
- // Parse the server name if the get extension call succeeds and there are more than 2 bytes to parse
- if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) && remaining > 2) {
- // Parse to get to the name, originally from test/handshake_helper.c in openssl tree
- /* Extract the length of the supplied list of names. */
- len = *(p++) << 8;
- len += *(p++);
- if (len + 2 == remaining) {
- remaining = len;
- /*
- * The list in practice only has a single element, so we only consider
- * the first one.
- */
- if (*p++ == TLSEXT_NAMETYPE_host_name) {
- remaining--;
- /* Now we can finally pull out the byte array with the actual hostname. */
- if (remaining > 2) {
- len = *(p++) << 8;
- len += *(p++);
- if (len + 2 <= remaining) {
- servername = reinterpret_cast(p);
- }
- }
- }
- }
- }
-
- return std::string_view(servername, servername ? len : 0);
-}
-
-#endif
-
 ///////////////////////////////////////////////////////////////////////////////
 // Add a header with the delay imposed on this transaction. This can be used
 // for logging, and other types of metrics.
diff --git a/plugins/experimental/rate_limit/utilities.h b/plugins/experimental/rate_limit/utilities.h
index fb76a602233..0ff58bff3c3 100644
--- a/plugins/experimental/rate_limit/utilities.h
+++ b/plugins/experimental/rate_limit/utilities.h
@@ -24,6 +24,5 @@
 constexpr char const PLUGIN_NAME[] = "rate_limit";
-std::string_view getSNI(SSL *ssl);
 void delayHeader(TSHttpTxn txnp, std::string &header, std::chrono::milliseconds delay);
 void retryAfter(TSHttpTxn txnp, unsigned retry);